Merge pull request #131 from tribe29/devel

Prepare release 0.8.0

Vagrantfile

@@ -36,7 +36,7 @@ Vagrant.configure("2") do |config|
 
     # Ubuntu
     config.vm.define "ansibuntu", autostart: false , primary: false do |srv|
-      srv.vm.box = "ubuntu/focal64"
+      srv.vm.box = "ubuntu/jammy64"
       srv.vm.network "private_network", ip: "192.168.56.61"
       srv.ssh.insert_key = false
       srv.vm.provider "virtualbox" do |v|

changelogs/fragments/agent_role.yml

@@ -0,0 +1,50 @@
+# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to
+
+minor_changes:
+  - Agent role - Enable forced agent installation, skipping all possible constraints, like downgrades.
+  - Agent role - Make Checkmk server port for API calls configurable. By default the ports 80 and 443 are used according to the configured protocol.
+  - Agent role - Add a boolean for whether to validate the SSL certificate of the Checkmk server used to retrieve agent packages.
+
+# known_issues:
+#   - This release is still in development and a heavy work in progress.
+#   - Discovery module is not feature complete yet.
+#   - Downtime module is not fully idempotent yet. This affects service downtimes and deletions.
+
+## Line Format
+# When writing a changelog entry, use the following format:
+
+# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself).
+
+# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin).
+
+# For changes that are not really scoped (for example, which affect a whole collection), use the following format:
+
+# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself).
+
+
+## Possible keys:
+
+# breaking_changes
+
+#     Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides.
+# major_changes
+
+#     Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides.
+# minor_changes
+
+#     Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters.
+# deprecated_features
+
+#     Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides.
+# removed_features
+
+#     Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides.
+# security_fixes
+
+#     Fixes that address CVEs or resolve security concerns. Include links to CVE information.
+# bugfixes
+
+#     Fixes that resolve issues.
+# known_issues
+
+#     Known issues that are currently not fixed or will not be fixed.

changelogs/fragments/modules.yml

@@ -0,0 +1,52 @@
+# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to
+
+minor_changes:
+  - Activation module - Make certificate validation of the Checkmk server configurable.
+  - Discovery module - Make certificate validation of the Checkmk server configurable.
+  - Downtime module - Make certificate validation of the Checkmk server configurable.
+  - Folder module - Make certificate validation of the Checkmk server configurable.
+  - Host module - Make certificate validation of the Checkmk server configurable.
+
+# known_issues:
+#   - This release is still in development and a heavy work in progress.
+#   - Discovery module is not feature complete yet.
+#   - Downtime module is not fully idempotent yet. This affects service downtimes and deletions.
+
+## Line Format
+# When writing a changelog entry, use the following format:
+
+# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself).
+
+# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin).
+
+# For changes that are not really scoped (for example, which affect a whole collection), use the following format:
+
+# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself).
+
+
+## Possible keys:
+
+# breaking_changes
+
+#     Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides.
+# major_changes
+
+#     Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides.
+# minor_changes
+
+#     Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters.
+# deprecated_features
+
+#     Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides.
+# removed_features
+
+#     Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides.
+# security_fixes
+
+#     Fixes that address CVEs or resolve security concerns. Include links to CVE information.
+# bugfixes
+
+#     Fixes that resolve issues.
+# known_issues
+
+#     Known issues that are currently not fixed or will not be fixed.

changelogs/fragments/server_role.yml

@@ -0,0 +1,48 @@
+# https://docs.ansible.com/ansible/latest/community/development_process.html#changelogs-how-to
+
+minor_changes:
+  - Server role - Fix setup file verification on Debian derivates. Using gpg instead of dpkg-sig now.
+
+# known_issues:
+#   - This release is still in development and a heavy work in progress.
+#   - Discovery module is not feature complete yet.
+#   - Downtime module is not fully idempotent yet. This affects service downtimes and deletions.
+
+## Line Format
+# When writing a changelog entry, use the following format:
+
+# - scope - description starting with a lowercase letter and ending with a period at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself).
+
+# The scope is usually a module or plugin name or group of modules or plugins, for example, lookup plugins. While module names can (and should) be mentioned directly (foo_module), plugin names should always be followed by the type (foo inventory plugin).
+
+# For changes that are not really scoped (for example, which affect a whole collection), use the following format:
+
+# - Description starting with an uppercase letter and ending with a dot at the very end. Multiple sentences are allowed (https://github.com/reference/to/an/issue or, if there is no issue, reference to a pull request itself).
+
+
+## Possible keys:
+
+# breaking_changes
+
+#     Changes that break existing playbooks or roles. This includes any change to existing behavior that forces users to update tasks. Displayed in both the changelogs and the Porting Guides.
+# major_changes
+
+#     Major changes to Ansible itself. Generally does not include module or plugin changes. Displayed in both the changelogs and the Porting Guides.
+# minor_changes
+
+#     Minor changes to Ansible, modules, or plugins. This includes new features, new parameters added to modules, or behavior changes to existing parameters.
+# deprecated_features
+
+#     Features that have been deprecated and are scheduled for removal in a future release. Displayed in both the changelogs and the Porting Guides.
+# removed_features
+
+#     Features that were previously deprecated and are now removed. Displayed in both the changelogs and the Porting Guides.
+# security_fixes
+
+#     Fixes that address CVEs or resolve security concerns. Include links to CVE information.
+# bugfixes
+
+#     Fixes that resolve issues.
+# known_issues
+
+#     Known issues that are currently not fixed or will not be fixed.

galaxy.yml

@@ -9,7 +9,7 @@ namespace: tribe29
 name: checkmk
 
 # The version of the collection. Must be compatible with semantic versioning
-version: 0.7.0
+version: 0.8.0
 
 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection
 readme: README.md

plugins/modules/activation.py

@@ -32,6 +32,10 @@
         description: Wheather to active foreign changes.
         default: false
         type: bool
+    validate_certs:
+        description: Whether to validate the SSL certificate of the Checkmk server.
+        default: true
+        type: bool
 
 author:
     - Robin Gierse (@robin-tribe29)
@@ -90,6 +94,7 @@ def run_module():
     module_args = dict(
         server_url=dict(type="str", required=True),
         site=dict(type="str", required=True),
+        validate_certs=dict(type="bool", required=False, default=True),
         automation_user=dict(type="str", required=True),
         automation_secret=dict(type="str", required=True, no_log=True),
         sites=dict(type="raw", default=[]),

plugins/modules/discovery.py

@@ -32,6 +32,10 @@
         type: str
         default: new
         choices: [new, remove, fix_all, refresh, only_host_labels]
+    validate_certs:
+        description: Whether to validate the SSL certificate of the Checkmk server.
+        default: true
+        type: bool
 
 author:
     - Robin Gierse (@robin-tribe29)
@@ -80,6 +84,7 @@ def run_module():
     module_args = dict(
         server_url=dict(type="str", required=True),
         site=dict(type="str", required=True),
+        validate_certs=dict(type="bool", required=False, default=True),
         automation_user=dict(type="str", required=True),
         automation_secret=dict(type="str", required=True, no_log=True),
         host_name=dict(type="str", required=True),

plugins/modules/downtime.py

@@ -88,6 +88,10 @@
         type: str
         default: present
         choices: [present, absent]
+    validate_certs:
+        description: Whether to validate the SSL certificate of the Checkmk server.
+        default: true
+        type: bool
 
 author:
     - Oliver Gaida (@ogaida)
@@ -405,6 +409,7 @@ def run_module():
     module_args = dict(
         server_url=dict(type="str", required=True),
         site=dict(type="str", required=True),
+        validate_certs=dict(type="bool", required=False, default=True),
         automation_user=dict(type="str", required=True),
         automation_secret=dict(type="str", required=True, no_log=True),
         host_name=dict(type="str", required=True),

plugins/modules/folder.py

@@ -39,6 +39,10 @@
         type: str
         default: present
         choices: [present, absent]
+    validate_certs:
+        description: Whether to validate the SSL certificate of the Checkmk server.
+        default: true
+        type: bool
 
 author:
     - Robin Gierse (@robin-tribe29)
@@ -229,6 +233,7 @@ def run_module():
     module_args = dict(
         server_url=dict(type="str", required=True),
         site=dict(type="str", required=True),
+        validate_certs=dict(type="bool", required=False, default=True),
         automation_user=dict(type="str", required=True),
         automation_secret=dict(type="str", required=True, no_log=True),
         path=dict(type="str", required=True),

plugins/modules/host.py

@@ -40,6 +40,10 @@
         type: str
         default: present
         choices: [present, absent]
+    validate_certs:
+        description: Whether to validate the SSL certificate of the Checkmk server.
+        default: true
+        type: bool
 
 author:
     - Robin Gierse (@robin-tribe29)
@@ -230,6 +234,7 @@ def run_module():
     module_args = dict(
         server_url=dict(type="str", required=True),
         site=dict(type="str", required=True),
+        validate_certs=dict(type="bool", required=False, default=True),
         automation_user=dict(type="str", required=True),
         automation_secret=dict(type="str", required=True, no_log=True),
         host_name=dict(type="str", required=True),

requirements.yml

@@ -1,4 +1,4 @@
 ---
 collections:
   - name: tribe29.checkmk
-    version: 0.7.0
+    version: 0.8.0

roles/agent/README.md

@@ -29,6 +29,14 @@ The protocol used to connect to your Checkmk site.
 
 The FQDN or IP address of your Checkmk server.
 
+    checkmk_agent_server_validate_certs: 'true'
+
+Whether to validate the SSL certificate of the Checkmk server.
+
+    checkmk_agent_port: "{% if checkmk_agent_protocol == 'https' %}443{% else %}80{% endif %}"
+
+The port of the web interface of your Checkmk server. Defaults to port 80 for http and port 443 for https.
+
     checkmk_agent_site: my_site
 
 The name of your Checkmk site.
@@ -69,6 +77,11 @@ for automatic updates. Otherwise this will fail.
 
 Automatically configure the firewall to allow access to the Checkmk agent.
 
+    checkmk_agent_force_install: 'false'
+
+Force the installation of the agent package, no matter the constraints.
+This means, downgrades become possible and unverified packages would be installed.
+
     checkmk_agent_prep_legacy: 'false'
 
 Enable this to automatically install `xinetd` on hosts with systemd prior to version 220.

roles/agent/defaults/main.yml

@@ -3,6 +3,8 @@ checkmk_agent_version: "2.1.0p1"
 checkmk_agent_edition: cre
 checkmk_agent_protocol: http
 checkmk_agent_server: localhost
+checkmk_agent_server_validate_certs: 'true'
+checkmk_agent_port: "{% if checkmk_agent_protocol == 'https' %}443{% else %}80{% endif %}"
 checkmk_agent_site: my_site
 checkmk_agent_user: "{{ automation_user | default('automation') }}"
 
@@ -15,6 +17,7 @@ checkmk_agent_discover: 'false'
 checkmk_agent_update: 'false'
 checkmk_agent_tls: 'false'
 checkmk_agent_configure_firewall: 'true'
+checkmk_agent_force_install: 'false'
 checkmk_agent_prep_legacy: 'false'
 checkmk_agent_delegate_api_calls: localhost
 checkmk_agent_host_name: "{{ inventory_hostname }}"

roles/agent/tasks/Debian.yml

@@ -2,6 +2,7 @@
 - name: "Debian Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent."
   ansible.builtin.uri:
     url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_deb&agent_type=host_name"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
     dest: "{{ checkmk_agent_agent.file.host }}"
     method: GET
     headers:
@@ -19,6 +20,7 @@
   become: true
   ansible.builtin.apt:
     deb: "{{ checkmk_agent_agent.file.host }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
     state: present
   when: |
     (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe")
@@ -29,6 +31,7 @@
 - name: "Debian Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent."
   ansible.builtin.uri:
     url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_deb&agent_type=generic"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
     dest: "{{ checkmk_agent_agent.file.cee }}"
     method: GET
     headers:
@@ -44,6 +47,7 @@
   become: true
   ansible.builtin.apt:
     deb: "{{ checkmk_agent_agent.file.cee }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
     state: present
   when: |
     (checkmk_agent_edition == "cee" or checkmk_agent_edition == "cfe")
@@ -55,6 +59,7 @@
   become: true
   ansible.builtin.apt:
     deb: "{{ checkmk_agent_agent.file.cre }}"
+    force: "{{ checkmk_agent_force_install | bool }}"
     state: present
   when: checkmk_agent_edition == "cre"
   tags:

roles/agent/tasks/RedHat.yml

@@ -2,6 +2,7 @@
 - name: "RedHat Derivates: Download host-specific Checkmk {{ checkmk_agent_edition | upper }} Agent."
   ansible.builtin.uri:
     url: "{{ checkmk_agent_agent.url.cee }}?host_name={{ inventory_hostname }}&os_type=linux_rpm&agent_type=host_name"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
     dest: "{{ checkmk_agent_agent.file.host }}"
     method: GET
     headers:
@@ -30,6 +31,7 @@
 - name: "RedHat Derivates: Download GENERIC Checkmk {{ checkmk_agent_edition | upper }} Agent."
   ansible.builtin.uri:
     url: "{{ checkmk_agent_agent.url.cee }}?os_type=linux_rpm&agent_type=generic"
+    validate_certs: "{{ checkmk_agent_server_validate_certs | bool }}"
     dest: "{{ checkmk_agent_agent.file.cee }}"
     method: GET
     headers: